
FBI Warns Against Medusa Ransomware Attacks
US government authorities have published a joint advisory warning the public about the Medusa ransomware-as-a-service (RaaS) operation and urging organizations to take preventive measures. Since it was first identified in June 2021, the Medusa operation has impacted over 300 victims across a variety of sectors, including critical infrastructure.
The March 12 joint advisory, signed by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), recommends steps to reduce risk. These include keeping operating systems, software, and firmware patched (prioritizing known exploited vulnerabilities), requiring multifactor authentication on email and VPN services, and using long, complex passwords.
The agencies first identified Medusa in June 2021, but activity has ramped up in recent months. According to the advisory, Medusa relies mostly on phishing campaigns to steal login credentials: the group sends emails carrying links to fraudulent pages that imitate legitimate sign-in portals, tricking recipients into entering their usernames and passwords.
Phishing is hard to stop with traditional perimeter tools because it targets the user rather than a software flaw, which makes it attractive to attackers. Last year, a different group took over several Chrome extensions after an initial phishing attack on the extensions' developers.
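The lookalike links described above can be screened mechanically before a user ever clicks them. The following is an added example, not code from the advisory or from the agencies: it extracts every link from an email body and flags hostnames that imitate an allow-list of legitimate portals, using three common tricks (the brand embedded in an unrelated domain, digit or letter homoglyphs, and small typos). The allow-list (`example.com`, `office.com`), the homoglyph table, the naive two-label registrable-domain rule, and the sample message are all assumptions constructed for this demonstration.

```python
"""Flag links whose hostname imitates a known sign-in portal (added example)."""
import re
from urllib.parse import urlparse

# Constructed allow-list: the portals this hypothetical organization really uses.
LEGIT_DOMAINS = ("example.com", "office.com")

# Character substitutions commonly used to fake a brand name in a hostname.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def normalize(label: str) -> str:
    """Fold look-alike characters so 'exarnp1e' compares equal to 'example'."""
    label = label.lower()
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value against a brand domain suggests a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive eTLD+1 (last two labels); an assumption that suits .com-style lists."""
    parts = host.split(".")
    return ".".join(parts[-2:])


def classify_host(host: str) -> str:
    """Return 'legit', 'unknown', or a 'lookalike:<reason>' verdict for a hostname."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legit"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike:idn"  # punycode label, possibly hiding a Unicode look-alike
    reg = registrable(host)
    for legit in LEGIT_DOMAINS:
        brand = legit.split(".")[0]
        # Brand name used as a label of an unrelated domain, e.g.
        # vpn.example.com.login-check.net or vpn-example-com.net
        if brand in host.replace("-", ".").split(".") and reg != legit:
            return "lookalike:embedded"
        if normalize(reg) == legit:
            return "lookalike:homoglyph"
        if levenshtein(reg, legit) <= 2:
            return "lookalike:typosquat"
    return "unknown"


def scan_email(body: str) -> list:
    """Return (url, verdict) pairs for every http(s) link in an email body."""
    results = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        results.append((url, classify_host(host)))
    return results


# Constructed phishing-style message for the demonstration (not a real sample).
SAMPLE_EMAIL = """Your VPN session has expired. Re-authenticate at
https://vpn.example.com.login-check.net/auth to avoid lockout.
Mail: https://outlook.office.com/mail/ Backup: https://exarnple.com/sso
Status page: https://status.vendor.net/ Old link: https://exmaple.com/vpn
"""

if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:22} {url}")
```

Anything returned as `lookalike:*` is worth blocking or quarantining outright; `unknown` hosts are candidates for URL rewriting or sandboxed click-time checks. In production, replace the two-label `registrable()` with a public-suffix-list lookup so that hosts like `brand.co.uk` are split correctly.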
Once Medusa has valid credentials, it can log in to the victim's systems and reach personally identifiable information (PII) such as names, addresses, and banking details. The group runs a "double extortion" model, according to the agencies, in which its members "encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid."
As a ransomware-as-a-service (RaaS) operation, Medusa leases its malware and infrastructure to affiliates for a fee through its online portal. This lets affiliates launch attacks against specific targets without the technical skills that building and running ransomware would normally require.
The advisory details a particularly egregious incident: "FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid and requested half of the payment be made again to provide the 'true decryptor' – potentially indicating a triple extortion scheme."
The full advisory lists further mitigations against Medusa attacks, such as segmenting networks, auditing accounts with administrative privileges, and keeping offline, encrypted backups.
There have been several high-profile ransomware and extortion incidents in the last few months, including a breach of the PowerSchool student information system that exposed the data of over 62 million students.